Global Views on Internet Laws: Data Protection, US Privacy, and Government Data Access, Slides of Computer Science

An outline of international perspectives on internet legislation, focusing on data protection and US privacy laws. Topics include the Data Protection Act 1998, US privacy laws, government access to data, and relevant statutes such as the Regulation of Investigatory Powers Act 2000 and the US PATRIOT Act 2001. It also covers international policing and encryption.

Typology: Slides

2012/2013

Uploaded on 01/02/2013

shantii

International Perspectives on Internet Legislation

Outline

  • Data Protection Act 1998
    - US Privacy Laws
  • Government access to data
    - Regulation of Investigatory Powers Act 2000
    - US PATRIOT Act 2001
    - Data Retention
  • E-Commerce Regulations
    - Copyright Infringement
    - Deep Linking, Brands and other web-page issues
  • Crime and policing
    - Phishing
    - Politics
    - International Policing

Data Protection Act 1998

  • Overriding aim is to protect the interests of (and avoid risks to) the Data Subject
    - differs from US “privacy protection” landscape
  • Data processing must comply with the eight principles (as interpreted by the regulator)
  • All data controllers must “notify” (£35) the Information Commissioner (unless exempt)
    - exemptions for “private use”, “basic business purposes” (but not CCTV): see website for details
  • Data Subjects have a right to see their data

US Privacy

  • US approach is sector specific (and often driven by specific cases). For example:
    - privacy of mail (1782, 1825, 1877)
    - privacy of telegrams (state laws in the 1880s)
    - privacy of Census (1919)
    - Bank Secrecy Act 1970 (requires records kept!)
    - Privacy Act 1974 (regulates the Government)
    - Cable Communications Policy Act 1984 (viewing data)
    - Video Privacy Protection Act 1988 (purchase/rentals)
    - Telephone Consumer Protection Act 1991 (DNC in 2003)
    - Driver’s Privacy Protection Act 1994 (license data)

Sarbanes-Oxley

  • US Federal Law (Public Company Accounting Reform and Investor Protection Act of 2002)
    - introduced after Enron/WorldCom/etc scandals
  • Public companies have to evaluate and disclose the effectiveness of their internal controls as they relate to financial reporting
  • Auditors required to understand & evaluate the company controls
  • Companies now have to pay much more attention to data retention and data retrieval

Security Breach Disclosure

  • California State Law SB1386 (2002) updated by AB1950 (2004)
    - must protect personal data
    - if disclosed then must tell individuals involved
  • Now taken up by 46 (of 50) states & talk of a Federal Law (for harmonisation)
    - early on had a dramatic impact, now (100 million disclosures later) becoming part of the landscape
    - no central reporting (so hard to track numbers)
    - some disclosures look like junk mail!
  • EU has a sector-specific provision for telcos/ISPs and may extend this when the Data Protection Directive is revised

RIP Act 2000 – Encryption

  • Basic requirement is to “put this material into an intelligible form”
    - can be applied to messages or to stored data
    - you can supply the key instead
    - if you claim to have lost or forgotten the key or password, prosecution must prove otherwise
  • Keys can be demanded
    - notice must be signed by Chief Constable
    - notice can only be served at top level of company
    - reasoning must be reported to commissioner
  • Specific “tipping off” provisions may apply

Electronic Communications Act 2000

  • Part II – electronic signatures
    - electronic signatures “shall be admissible in evidence”
    - creates power to modify legislation for the purposes of authorising or facilitating the use of electronic communications or electronic storage
    - not as relevant, in practice, as people in the “dot com bubble” thought it would be. Most systems continue to use contract law to bind people to commitments.
  • Remaining parts of EU Electronic Signature Directive were implemented as SI 318(2002)

Data Retention

  • European Directive passed in 2005 (in record time, following attacks in Madrid & London)
  • Done under 1st pillar (internal market) rather than 3rd pillar (police/judicial co-operation)
  • Wording of Directive makes little technical sense – and is therefore being implemented haphazardly and inconsistently.
  • UK transposed this in April 2009
    - only applies to you if Home Office sends you a notice
    - notices supposed to be sent to all (public) CSPs
  • Directive is currently being reviewed

E-Commerce Law

  • Distance Selling Regulations (2000)
    - remote seller must identify themselves
    - details of contract must be delivered (email is OK)
    - right to cancel (unless service already delivered)
    - contract VOID if conditions not met
  • E-Commerce Directive (2002)
    - restates much of the above
    - online selling and advertising is subject to UK law if you are established in the UK – whoever you sell to
    - significant complexities if selling to foreign consumers if you specifically marketed to them

Copyright Material

  • US has the DMCA “safe harbor” so that hoster is immune until notified, then must remove; but user may “put back”
    - DMCA is very prescriptive about take-down and put-back notices
  • EU has eCommerce Directive and a “hosting” immunity – which User Generated Content might (or might not) qualify for
    - hoster immune until they have “actual knowledge”
    - related immunities are “mere conduit” and “caching”
  • Under the UK’s Digital Economy Act 2010 there is to be “graduated response” to notification of file sharing infringements
    - it is envisaged that only a court will grant access to customer details (or of course a police officer can serve RIP paperwork)
    - similar initiatives elsewhere (France: Hadopi), but not yet? in US

Deep Linking

  • Deep Linking is the term for pointing at specific pages on another website rather than the top level.
  • Courts generally rule against this when “passing off”
    - 1996 Shetland Times v Shetland News (UK) settled
    - 1997 TicketMaster v Microsoft (US) settled
    - 2000 TicketMaster v tickets.com (US) allowed [since clear]
    - 2006 naukri.com v bixee.com (India) injunction
    - 2006 HOME v OFiR (Denmark) allowed [not a database]
    - 2006 SFX motor sports v supercrosslive (Texas) injunction
    - 2007 Copiepresse Press v Google (Belgium) forbidden

Brand Names

  • Significant protection for brands in domain names
    - Uniform Dispute Resolution Protocol for brand owners
    - mikerowesoft.com settled, microsuck.com survived…
    - US: 1999: Anticybersquatting Consumer Protection Act
    - US: 2003: Truth in Domain Names Act
  • Using other people’s brand names in meta-tags doesn’t usually survive legal challenge
  • Many US rulings on “adwords” now occurring; if you just buy the keyword then you may well be OK, but there is a definite risk of problems if you use trademarks in ad copy, or on the landing page
    - NB Google has its own rules as well
  • Germany, UK, Austria following US line, France is not, but the ECJ has followed the US approach, which should harmonise things

Politics & Terrorism

  • Mainstream politics is following the extremists onto the web
    - especially Obama’s fundraising (but Howard Dean did it first)
  • Many issues arise on content
    - defamation, incitement, anti-terror laws
  • Raising money raises lots of issues for political parties, for example in the UK:
    - need to know identity if amount over £
    - need to report if over £5000 (or even £1000)
    - need to identify “permissible donors”
    - raising money for terrorism forbidden (!)